Provided by: drool_2.0.0-2_all 
NAME
drool - DNS Replay Tool
SYNOPSIS
drool respdiff [ options ] path name file name host port
DESCRIPTION
This tool is to be used in conjunction with the tool-chain respdiff by CZ.NIC (see
https://gitlab.labs.nic.cz/knot/respdiff).
It will replay DNS queries found in the PCAP, but only if a correlating response is also
found, against the target host and port. The query, original response and the received
response is then stored into a LMDB database located at path. The name before the PCAP
file and the name before the target host are stored in the meta table which should
correspond with the configuration use for respdiff in order for it to be able to read the
results correctly.
OPTIONS
These options are specific for the respdiff command, see drool(1) for generic options.
-D Show DNS queries and responses as processing goes.
--no-tcp
Do not use TCP.
--no-udp
Do not use UDP.
-T --threads
Use threads.
--tcp-threads N
Set the number of TCP threads to use, default 2.
--udp-threads N
Set the number of UDP threads to use, default 4.
--timeout N.N
Set timeout for waiting on responses [seconds.nanoseconds], default 10.0.
--size BYTES
Set the size (in bytes, multiple of OS page size) of the LMDB database, default
10485760.
DATABASE SIZE
Note that you will need to set a database size that is large enough for all queries, all
original responses, all received responses and all analysis done by respdiff tool-chain in
order for a successful analysis to be done.
EXAMPLE
This example replays a PCAP file against localhost and then uses the respdiff tool-chain
to analyze the results.
$ drool respdiff /lmdb/path pcap file.pcap target 127.0.0.1 53
$ msgdiff.py /lmdb/path
$ diffsum.py /lmdb/path
SEE ALSO
drool(1)
AUTHORS
Jerry Lundström, DNS-OARC
Maintained by DNS-OARC
https://www.dns-oarc.net/
BUGS
For issues and feature requests please use:
https://github.com/DNS-OARC/drool/issues
For question and help please use:
admin@dns-oarc.net